it feels like i am naked using VPNgate

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
sacrilege
Posts: 2
Joined: Fri Oct 21, 2016 12:33 am

it feels like i am naked using VPNgate

Post by sacrilege » Fri Oct 21, 2016 12:51 am

greetings, fellows vpngate users. just installed vpngate today to try it and i must say, i need your help with this problem. i am accessing a site that employs very sophisticated tracking methods. i know of at least 3 of them:
1/ geolocation tracking
2/ html5 canvas image extraction and
3/ lso supercookies.

for the purpose of this post, i will only address my main concern with the use of vpngate. the problem here is this: regardless of what vpn server i used, my actual location was identified via edns-client-subnet address. for example, i logged into a japanese server and was immediately identified by the website as coming from canada and denied access. plus my existing account which i created using TunnelBear was deleted as a result of my signing in with a vpngate server. here it is:

IP: 133.209.105.129
Country: Japan
Country code: JP
Region: Tōkyō
Region code: 13
City: Chiyoda-ku
Zip Code:
Latitude: 35.694
Longitude: 139.754
Timezone: Asia/Tokyo
ISP: Biglobe
Organization: Biglobe
AS number/name: AS2518 BIGLOBE Inc.
Internal IP: 10.211.2.19, 192.168.1.8
TCP/IP fingerprint: 1454 MTU, PPPoE, Windows (7/8)
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:49.0) Gecko/20100101 Firefox/D0E1
DNS server: 74.125.76.11 (United States - Google)
edns-client-subnet: 216.183.128.0 (Canada - Bruce Municipal Telephone System)

do you see what the problem here is? the edns -client subnet points exactly to an entry address that i used to access the japanese server.

IS THERE ANY WAY TO MASK THE CLIENT SUBNET ADDRESS???
thank you,

sacrilege
Posts: 2
Joined: Fri Oct 21, 2016 12:33 am

Re: it feels like i am naked using VPNgate

Post by sacrilege » Sat Oct 22, 2016 5:40 pm

sacrilege wrote:
>
> IS THERE ANY WAY TO MASK THE CLIENT SUBNET ADDRESS???

so, it looks like i have to answer my own question. and i dont mean to be facetious but i must say, this forum is not exactly a place to seek technical advice. i glanced at some of the other posts - very good questions but nobody with any knowledge whatsoever here to answer them. the support and exchange of technical ideas on this forum is pathetic and sucks big time !!!

in any case, this is the deal with masking the client subnet address. there are two ways to do it:
1) changing your dns server
2) login via proxy (this is not that great though)

@1/ changing your dns to mask your edns subnet address:
there's a lot of technical papers and discussions out there as to what is going on. nevertheless, the following link explains in layman's terms the issue w/ dns leaks, edns-client-subnet enabled DNS resolver tags queries, network scanning, etc.
https://00f.net/2013/08/07/edns-client-subnet/

the workaround is to change you dns server to a provider that doesnt support edns-client-subnet protocol. if you choose google or opendns, your original ip will leak through. these are not the best ones to use if you want to remain anonymous:
http://beebom.com/best-dns-servers/
here are some other suggestions (ignore google, opendns, ..):
https://www.lifewire.com/free-and-publi ... rs-2626062

for windows, there's a lot of links showing how to change your dns:
https://www.lifewire.com/how-to-change- ... ws-2626242
http://www.howtogeek.com/164981/how-to- ... -browsing/

@2/ login via proxy: you could use either some public proxy or use the softether/vpngate built in feature to connect via pre-configured proxy. both methods appeared to work for me but i didnt test this to the point of being 100% certain but this approach scrubs the edns client subnet ip address from the connection reasonably well.

now, if your concern is geoloc tracking, as is mine, than you may need to make sure that your public dns server is as close to your vpnserver/exit node as possible. for example, if you want to look like somebody login in from canada, you would use vpngate and dns server in canada. for example, these are canadian dns servers:
http://public-dns.info/nameserver/ca.html

from my experience, all geoloc tracking sites use this service:
https://www.maxmind.com/

if you want to see what you look like to other sites, you test it here:
https://www.maxmind.com/en/locate-my-ip-address
and here, among others:
http://ip-api.com/#
https://tools.keycdn.com/geo
http://www.geoiptool.net/


you're welcome /sarc off

Post Reply